Supply chain security requires knowing who to avoid